dfcb21d386e8bae500e1a625748fd9c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dfcb21d386e8bae500e1a625748fd9c9_JaffaCakes118
Size

430KB
MD5

dfcb21d386e8bae500e1a625748fd9c9
SHA1

3df3691612b4ae4d237b24224772abfbb19cd1cd
SHA256

90547993d423eb22c6ed167ee185647513c9f05c0383b9ef62ee176eeb9c2868
SHA512

f5d2b1a8520ae280e46eda8f3cb83fc6eeb8c508fc308cf8f75693b512cb19e1836673ba5f8098ad11e7e64d4090c416105b8f4969cb9fb2f2beea782e8f864f
SSDEEP

12288:MhIfHtIfwwF6ftXgHysNnK79gzwlUGL0L:MhIfHtIfwU6WH1NnKOzwlZ6

Score

1^/10

Malware Config

Signatures

Files

dfcb21d386e8bae500e1a625748fd9c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a52177bfb6b665875571cfdb7fb89c99

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:19

Not After

06/01/2018, 03:19

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:28

Not After

06/01/2018, 03:28

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:92:87:a2:1e:b6:73:73:a3:88:a6:b9:4a:8d:71:d8:37:52:e4:70:66:f1:7e:9f:62:68:59:64:1c:3f:1e:36
Signer

Actual PE Digest

dd:92:87:a2:1e:b6:73:73:a3:88:a6:b9:4a:8d:71:d8:37:52:e4:70:66:f1:7e:9f:62:68:59:64:1c:3f:1e:36

Digest Algorithm

sha256

PE Digest Matches

true

c3:ed:b5:60:21:3e:98:a8:34:e9:b8:5c:9e:ca:d5:60:26:f2:25:7a
Signer

Actual PE Digest

c3:ed:b5:60:21:3e:98:a8:34:e9:b8:5c:9e:ca:d5:60:26:f2:25:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
calloc
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
strlen
strncmp
_unlock
abort
vfprintf

avutil-54

av_free
av_freep
av_get_bits_per_pixel
av_get_cpu_flags
av_get_pix_fmt_name
av_image_alloc
av_log
av_malloc
av_mallocz
av_opt_set_defaults
av_pix_fmt_desc_get
av_pix_fmt_get_chroma_sub_sample
av_pix_fmt_swap_endianness

Exports

Exports

sws_addVec
sws_allocVec
sws_alloc_context
sws_cloneVec
sws_context_class
sws_convVec
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_getIdentityVec
sws_get_class
sws_init_context
sws_isSupportedEndiannessConversion
sws_isSupportedInput
sws_isSupportedOutput
sws_normalizeVec
sws_printVec2
sws_rgb2rgb_init
sws_scale
sws_scaleVec
sws_setColorspaceDetails
sws_shiftVec
sws_subVec
swscale_configuration
swscale_license
swscale_version

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a52177bfb6b665875571cfdb7fb89c99

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3dCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

dd:92:87:a2:1e:b6:73:73:a3:88:a6:b9:4a:8d:71:d8:37:52:e4:70:66:f1:7e:9f:62:68:59:64:1c:3f:1e:36Signer

c3:ed:b5:60:21:3e:98:a8:34:e9:b8:5c:9e:ca:d5:60:26:f2:25:7aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

avutil-54

Exports

Exports

Sections

.text Size: 389KB - Virtual size: 388KB

.data Size: 512B - Virtual size: 60B

.rdata Size: 13KB - Virtual size: 13KB

.rodata Size: 512B - Virtual size: 320B

.bss Size: - Virtual size: 33KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 6KB - Virtual size: 6KB

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

dd:92:87:a2:1e:b6:73:73:a3:88:a6:b9:4a:8d:71:d8:37:52:e4:70:66:f1:7e:9f:62:68:59:64:1c:3f:1e:36
Signer

c3:ed:b5:60:21:3e:98:a8:34:e9:b8:5c:9e:ca:d5:60:26:f2:25:7a
Signer

.text
Size: 389KB - Virtual size: 388KB

.data
Size: 512B - Virtual size: 60B

.rdata
Size: 13KB - Virtual size: 13KB

.rodata
Size: 512B - Virtual size: 320B

.bss
Size: - Virtual size: 33KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 6KB - Virtual size: 6KB